Google Git
Sign in
apache / puppet-fail2ban / refs/heads/fix_actionsource / . / manifests / action.pp
blob: 4336b03d5ded774ff5633b2cba8762364b88975c [file] [log] [blame]
# Define: fail2ban::action
#
# Adds a custom fail2ban action
# Documentation: Manpages & http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
#
# Supported arguments:
# $actionname - The name you want to give the action.
# If not set, defaults to == $title
# action local file is named after this value, like
# $actionname.local. The suffix "local" is automatically added.
#
# $actionenable - true / false. If false, the rule _IS NOT ADDED_ to the
# action.local file
# Defaults to true
#
# $actionsource - Sets the content of source parameter for the new action
# It's mutually exclusive with $actiontemplate.
#
# $actiontemplate - Template to use when defining a new action
# It's mutually exclusive with $actionsource.
#
# $actionstart - command(s) executed when the jail starts.
# Can be an array
# Used only with $actiontemplate
#
# $actionstop - command(s) executed when the jail stops.
# Can be an array
# Used only with $actiontemplate
#
# $actioncheck - the command ran before any other action.
# It aims to verify if the environment is still ok.
# Used only with $actiontemplate
#
# $actionban - command(s) that bans the IP address after maxretry
# log lines matches within last findtime seconds.
# Used only with $actiontemplate
#
# $actionunban - command(s) that unbans the IP address after bantime.
# Used only with $actiontemplate
#
# $actionbefore - indicates an action file that is read before the
# [Definition] section.
#
# $actionafter - indicates an action file is read after the
# [Definition] section.
#
# $actioninitvars - Variables for the INIT stanza of the action file.
# They are tuples in the format
# "var = value"
# Can be an array like
# [ "var1 = value1", "var2 = value2",.., "varN = valueN" ]
#
define fail2ban::action (
$actionname = '',
$actionsource = '',
$actiontemplate = 'fail2ban/action.local.erb',
$actionstart = '',
$actionstop = '',
$actioncheck = '',
$actionban = '',
$actionunban = '',
$actionbefore = '',
$actionafter = '',
$actioninitvars = '',
$actionenable = true ) {
include fail2ban
$real_actionname = $actionname ? {
'' => $title,
default => $actionname,
}
$action_file = "${fail2ban::data_dir}/action.d/${real_actionname}.local"
$array_start = is_array($actionstart) ? {
false => $actionstart ? {
'' => [],
default => [$actionstart],
},
default => $actionstart,
}
$array_stop = is_array($actionstop) ? {
false => $actionstop? {
'' => [],
default => [$actionstop],
},
default => $actionstop,
}
$array_check = is_array($actioncheck) ? {
false => $actioncheck? {
'' => [],
default => [$actioncheck],
},
default => $actioncheck,
}
$array_ban = is_array($actionban) ? {
false => $actionban? {
'' => [],
default => [$actionban],
},
default => $actionban,
}
$array_unban = is_array($actionunban) ? {
false => $actionunban? {
'' => [],
default => [$actionunban],
},
default => $actionunban,
}
$array_initvars = is_array($actioninitvars) ? {
false => $actioninitvars? {
'' => [],
default => [$actioninitvars],
},
default => $actioninitvars,
}
$ensure = bool2ensure($actionenable)
$manage_file_source = $actionsource ? {
'' => undef,
default => $actionsource,
}
$manage_file_content = $actiontemplate ? {
'' => undef,
default => $actionsource ? {
'' => template($actiontemplate),
default => undef,
}
}
file { "${real_actionname}.local":
ensure => $fail2ban::manage_file,
path => $action_file,
mode => $fail2ban::config_file_mode,
owner => $fail2ban::config_file_owner,
group => $fail2ban::config_file_group,
require => Package[$fail2ban::package],
notify => $fail2ban::manage_service_autorestart,
source => $manage_file_source,
content => $manage_file_content,
replace => $fail2ban::manage_file_replace,
audit => $fail2ban::manage_audit,
noop => $fail2ban::noops,
}
}